During the summer of last year, there was a growing controversy
surrounding the FDA's request to hackers to expose holes in the security
of medical devices, such as insulin devices and other wireless and
computer-connected home and hospital devices. Understandably, many
hackers and security experts were not particularly keen to attempt or
test the security of these devices, for fear of being perceived incorrectly
and of a potential outcry. In December last year, the FDA was itself the
target of a hacking operation, in particular the system used by
pharmaceutical companies to input data on drug tests, results, clinical
trials, and so on. Whether this was an attack by cyber thieves, as the
FDA claims, or by hacktivists remains to be seen.

Corporate Theft or Exposing the Truth?

The FDA, of course, was quick to denounce the attack as cyber theft. The
information reported to have been accessed included medical trial data,
marketing information and strategy, and information about drug
manufacturing. While on the surface we could very well accept that this
was a simple case of corporate espionage, it is worth remembering that
any company that wants drug approval in the US has to go through the FDA
first. Is running the risk of alienating the very body that approves your
products a strategy that a multi-billion-dollar pharmaceutical company
would really undertake? While it can't be ruled out as a possibility,
unless the hackers come forward it does seem unlikely. It's also
important to remember that there is a large amount of controversy
surrounding the pharmaceutical industry all over the world, but
especially in the States. Could hacktivists have been responsible for
the attack? If so, what could be the causes for such an attack? As we
will see, there may be more than we might initially think.

Practice and Method - How Big Pharma Operates

In the US alone, it is estimated that around 70% of the population takes
prescription drugs. Given that the population of the US is estimated to
be over 300 million, that is a staggering number. With such a large
number of people taking these drugs, addiction rates are rising rapidly,
so much so that prescription addicts are now more common than illegal
drug addicts. It is a very real problem that continues to be skirted
around by US regulators and the administration. In fact, whereas knowing
the signs of heroin or crack cocaine addiction was once the important
information for people who suspected an addict among their friends or
family, the same is now true for widely available prescription drugs, and
many Americans are being encouraged by drug charities and non-profit
institutions to learn more about the potential causes and signs of
prescription drug abuse.

At the center of this problem lies the pharmaceutical industry. Adverts
for medications are common, and standard practice for getting new drugs
to market includes rigging clinical trials to get the desired results in
clever ways that do not outright break the law, and invasive marketing
schemes aimed at family doctors and consumers, where doctors will often
be offered 'sweeteners' such as free lunches, travel to events, or even
help building their reputation as speakers at industry-funded
conferences. The FDA, despite being an independent regulatory body, is
also often effectively 'bought out' by companies looking to get drugs to
market fast. There is the additional problem that not all drug test data
is available for public consumption, meaning academics and doctors are
unable to view the results of tests or trials for themselves. This has
led to a number of large lawsuits in the US and around the world, as
well as, in extreme cases, deaths directly related to withheld side
effects of new drugs.

Coincidence or Calculated?

We might then speculate on the nature of the accessed data once again.
Bearing in mind the nature of how the industry operates, and the
information that was accessed, we could quite easily draw a link between
the two, and surmise that the hack may well have been the work of a
hacktivist movement. Of course, there is no way to prove whether this
was the case or not, but given the ambitious actions of a number of
groups over the last few years, it certainly can’t be ruled out.

Disclaimer:- At perfection, Team VOGH felicitates Eve Halton for sharing this luminous article with our readers. Eve is a very passionate Fleet Street journalist; she did her graduation in International Business and Journalism. Eve, this time too you have done an eminent job, we love you :)

What Risk We are Posing! Everyone Can Become a Target of the Latest Cyber Security Threats

According to a report by the Washington Post, hackers may soon be
setting up a plan, to unfold in 2013, that will target 30 different U.S.
banking institutions. McAfee Labs, which has compiled a new cyber
security report, says that banks should be on the lookout for software
that creates false online transactions or targets transfers tied to
large dollar amounts.

Sources say that these threats can all be tied back to "Project
Blitzkrieg", a program that has been around since 2008. Within the past
four years it has already stolen $5 million, and its operators plan to
continue for as long as possible. During the past few months, between
300 and 500 victims located within the U.S. have fallen prey to Project
Blitzkrieg's schemes. By the spring of 2013, McAfee says, things could
get even worse for U.S. banks and their customers.

Experts note that this scheme may be tied to reports from back in
October by security company RSA that mentioned how a hacker out of
Russia named "vorVzakone" had been openly discussing his plan to recruit
a team to carry out the largest banking Trojan attack to date. McAfee
warns that these threats should be taken extremely seriously as the
beginning of 2013 is soon to unfold. The software can become extremely
dangerous to those doing their banking online because it can replicate
transactions and even delete e-mail notifications about certain
transfers.

While U.S. banks will no doubt be increasing their security protocols to
protect themselves from attacks, most already know that they are
continually being cited as targets by hacking groups around the globe.
Back in September, both JP Morgan Chase and Bank of America saw their
sites crash because of DDoS attacks.

Samsung Smart TV Dangers

The Register has recently reported that Samsung's newest Smart TV is
completely open and vulnerable to hacking because it gives hackers the
ability to steal data very quickly. According to security company
ReVuln, this vulnerability most notably affects consumers who own and
use their Samsung 3D TVs for internet purposes.

Those who use their Smart TVs can rent movies, browse the web for a
cheap line rental, go on Facebook, and more. ReVuln claims to have found
an exploit which allows hackers to see everything the user is doing
while using the TV, retrieve and access information like web history,
and hook up an external thumb drive to the TV to conveniently copy all
of this information for future use. While ReVuln noticed this exploit
while using a Samsung 3D TV, the true problem is that it seems to affect
all of the latest Samsung TVs with internet capabilities, which includes
many different makes and models.

As these TVs continue to act more like large PCs, it is only a matter of
time until we see even more security vulnerabilities tied to them in the
very near future.

Gas Station Bluetooth Skimming

News site KCRA out of Sacramento notes that crooks are using Bluetooth
devices in order to steal credit card information from those who are
paying for gas at the pump. The biggest issue the cyber security experts
noticed is that these thieves do not even have to be near the gas
station in order to steal information.

Crooks are using skimming devices that utilize Bluetooth and contain a
variety of common security keys that can be used to open gas pumps for
maintenance. They don't simply pull out their device and begin swiping
information from oblivious consumers. Thieves will start by installing
skimmers on the pumps to collect information from those pumping gas and
then pick them back up later. Detectives say that these types of devices
are impossible to detect.

According to experts, thieves can be up to 100 yards away and
continually collect credit card information from unsuspecting users.
Because of this, these crooks are impossible to detect, and the problem
may only grow larger in the near future.

Troublesome QR Codes

QR codes seem to be everywhere these days. They're typically on
everything from advertisements to products that we purchase on a daily
basis. In the Netherlands, hackers are posting QR codes in heavily
trafficked areas like airports and major streets. When one of these QR
codes is scanned by a user's smartphone, the user is taken to a
malicious website that may attempt to phish information from them or
possibly infect their smartphone with malware.

Disclaimer:- Before perfection, on behalf of Team VOGH, I would like to personally thank Eve Halton for sharing this magnificent article with our readers. Eve is a very passionate Fleet Street journalist; she did her graduation in International Business and Journalism. She has gained decent experience in writing articles on several fields like global politics, economics, sustainability issues, cyber security and many more.

This sensational issue was made public by NBC News with the help of none other than Edward Snowden. In their exclusive report headed 'War on Anonymous: British Spies Attacked Hackers,' NBC said: "The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous. According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a 'denial of service' (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.

The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder -- and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms.

The existence of JTRIG has never been previously disclosed publicly. The documents also show that JTRIG infiltrated chat rooms known as IRCs and identified individual hackers who had taken confidential information from websites. In one case JTRIG helped send a hacktivist to prison for stealing data from PayPal, and in another it helped identify hacktivists who attacked government websites."

As soon as this story started getting all the spotlight, GCHQ immediately responded, saying that all its movements and operations were lawful. "All of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position." GCHQ told the press. To know more details about this story, don't forget to stay tuned with VOGH.

The intrusion kill chain model is derived from a military model
describing the phases of an attack. The phases of the military model are:
find, fix, track, target, engage, and assess. The analysis of these phases
is used to pinpoint gaps in capability and prioritize the development of
needed systems. The first phase in this military model is to decide on a
target (find). Second, once the target is decided, you set about locating
it (fix). Next, you surveil it to gather intelligence (track). Once you
have enough information, you decide the best way to realize your
objective (target) and then implement your strategy (engage). Finally,
you analyze what went wrong and what went right (assess) so that
adjustments can be made in future attacks.

Lockheed Martin analysts began by mapping the phases of cyber attacks.
The mapping focused on a specific type of attack, Advanced Persistent
Threats (APTs): the adversary/intruder gets into your network and stays
for years, sending information, usually encrypted, to collection sites
without being detected. Since the intruder spent so much time in the
network, analysts were able to gather data about what was happening.
Analysts could then sift through the data and begin grouping it into the
military attack model phases. Analysts soon realized that while there
were predictable phases in cyber attacks, the phases were slightly
different from the military model. The intrusion (cyber) kill chain shown
below describes the phases of a cyber attack.

The chain of events or activities, link by link, with a description of
each, is as follows:

1. Reconnaissance - Research, identification and selection of targets:
scraping websites for information on companies and their employees in
order to select targets.

2. Weaponization - Most often, a Trojan with an exploit embedded in
documents, photos, etc.

3. Delivery - Transmission of the weapon (a document with an embedded
exploit) to the targeted environment. According to Lockheed Martin's
Computer Incident Response Team (LM-CIRT), the most prevalent delivery
methods are email attachments, websites, and USB removable media.

4. Exploitation - After the weapon is delivered, the intruder's code is
triggered to exploit an operating system or application vulnerability,
to make use of an operating system's auto-execute feature, or to exploit
the users themselves.

5. Installation - Along with the exploit, the weapon installs a remote
access Trojan and/or a backdoor that allows the intruder to maintain
presence in the environment.

6. Command and Control - Intruders establish a connection from
compromised systems to an outside collection server and gain 'hands on
the keyboard' control of the target's compromised
network/systems/applications.

7. Actions on Objective - After progressing through the previous six
phases, the intruder takes action to achieve their objective. The most
common objectives are data extraction, disruption of the network, and/or
use of the target's network as a hop point.

While mapping the intruder's activities, Lockheed Martin's analysts also
discovered that a break (kill) in any one link in the chain would cause
the intrusion to fail in its objective. This is one of the major benefits
of the intrusion kill chain framework: security professionals have
traditionally taken a defensive approach to incident response, and the
chain means that intrusions can be dealt with offensively too.

Lockheed Martin's case studies reveal that knowledge about previous
intrusions and how they were accomplished allows analysts to recognize
previously used tactics and exploits in current attacks. For example,
mapping of three intrusions revealed that all three were delivered via
email, all three used very similar encryption, and all three used the
same installation program and connected to the same outside collection
site. All of the intrusions were stopped before they accomplished their
objective.

How did they do this? How can my company utilize this
approach?

Monitoring and mapping is the key.

The following list contains some of the necessary components (not in
any particular order) needed to do intrusion mapping and set up the
kill.

· Coordination and partnering with IT, application owners, database
administrators, business units and management, both in investigation and
in communicating the mapped intrusions.

In short, in order to implement intrusion kill chain activity, a company
needs to have a mature, well-coordinated information security program.
Additionally, it needs trained staff who can investigate, map and advise
'kill' activities; keep a compendium of mapped intrusions; and analyze
and compare old and new intruder activity, code use, and delivery
methods to thwart current and future intrusions.

The intrusion (cyber) kill chain is not an endeavor that can be
successfully implemented in place of a comprehensive Information
Security Program; it's another tool to be used to protect the company's
data assets.

The good news is that if your company doesn't have a mature information
security program, there is a lot you can do while making plans to
introduce the intrusion kill chain into your department's arsenal.

· Educate your employees to watch for suspicious emails. For instance,
emails that seem to be off, such as someone in accounting receiving an
invitation to attend a marketing conference. Let them know that they
shouldn't open attachments included in emails like this.

· Make sure you have anti-virus and anti-malware software installed and
up to date.

· You have an advantage over intruders. You know your network and what
is normal and usual; they don't. Notice user behavior that is not usual
and look into it. For example, a login at 2am for someone who works 9 to
5, or an application process that normally runs overnight that is
kicking off during the day.

· Keep your security patches up to date.

· Create and monitor baseline configurations.

· Write, publish and communicate information security policies and
company standards.

· Turn on logging and start collecting and keeping logs. Start with
network devices and firewalls and then add servers and databases. Set up
alerts for things such as repeated attempts at access.

· Spend some time using search engines from outside your network to see
how much information can be learned about your company from the
Internet. You'd be surprised how much you can find, including sensitive
documents.
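Two of the checks from the list above, turned into code as an added example (not code from the original article): an interactive login outside a user's normal working hours, and repeated failed access attempts from one source that should raise an alert. The log format, the per-user working-hours baseline and the thresholds are assumptions made for this example, and the log lines are constructed.

```python
"""Run two of the article's detection checks over constructed log lines:
(1) a successful login outside the user's baseline working hours, and
(2) repeated failed access attempts from one source in a short window."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in an assumed "date time user source result" format.
SAMPLE_LOG = """\
2013-03-04 09:02:11 alice 10.0.0.5 success
2013-03-04 02:13:40 alice 10.0.0.9 success
2013-03-04 23:58:02 bob 10.0.0.7 success
2013-03-04 10:15:00 carol 203.0.113.8 failure
2013-03-04 10:15:07 carol 203.0.113.8 failure
2013-03-04 10:15:12 dave 203.0.113.8 failure
2013-03-04 10:15:20 erin 203.0.113.8 failure
2013-03-04 10:15:31 frank 203.0.113.8 failure
2013-03-04 10:20:00 frank 203.0.113.8 failure
"""

# Assumed baseline of (start_hour, end_hour) per user. bob runs the
# overnight batch job, so his window wraps past midnight and a late
# login is normal for him.
WORK_HOURS = {"alice": (9, 17), "bob": (22, 6), "carol": (9, 17)}


def parse(log_text):
    """Parse the assumed format into (datetime, user, source, result)
    tuples, sorted by time so the sliding window below is correct."""
    events = []
    for line in log_text.splitlines():
        date, time, user, source, result = line.split()
        events.append((datetime.fromisoformat(f"{date} {time}"),
                       user, source, result))
    events.sort()
    return events


def within_hours(hour, window):
    """True if hour falls inside window, handling windows past midnight."""
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end


def off_hours_logins(events, work_hours):
    """Successful logins outside the user's baseline window: the '2am
    login for a 9-to-5 worker' case from the article."""
    hits = []
    for ts, user, source, result in events:
        if result != "success" or user not in work_hours:
            continue
        if not within_hours(ts.hour, work_hours[user]):
            hits.append((user, ts.strftime("%H:%M"), source))
    return hits


def repeated_failures(events, threshold=5, window=timedelta(minutes=1)):
    """Sources with at least `threshold` failures inside any sliding
    window: the 'repeated attempts at access' alert from the article."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, user, source, result in events:
        if result != "failure":
            continue
        q = recent[source]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(source)
    return flagged


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("off-hours logins:", off_hours_logins(evs, WORK_HOURS))
    print("repeated failures from:", sorted(repeated_failures(evs)))
```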

All of these practices and activities give you more
information about your computing environment and what is normal and usual. The
more you know about your environment, the more likely it is that you will spot
the intruder before any damage is done.

Disclaimer:- Before concluding, on behalf of Team VOGH, I would like to personally thank Mr. Adrian Stolarski for sharing this remarkable article with our readers. I would also like to thank Ryan Fahey of Infosec Institute for his spontaneous effort.

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]

Facebook, the world's largest social networking site with more than one billion registered users, is considered among the safest sites in cyberspace. To maintain such a reputation, Facebook Inc. has taken all the required steps that one could possibly take. Like other high-profile and very popular websites, Facebook also stands as a hot target for almost every cyber criminal in the world. To counter this and make FB safe and secure, the company introduced what it calls its 'Bug Bounty' offer, where you can submit vulnerabilities to FB and get rewarded. We have seen many security researchers and hackers across the globe do this and get their award. But not every time, and today I will talk about that: a few days ago a reader of VOGH, who goes by the nickname 'Dr41DeY', figured out a URL redirection vulnerability in Facebook. One of the links in Facebook Apps, at apps.facebook.com, exposes a URL redirection vulnerability. The hacker has demonstrated how anyone could use the vulnerability in order to manipulate millions of innocent Facebook users. Let's see.

Before publishing this, one of our VOGH representatives talked with Facebook Security regarding this security vulnerability, but for some reason FB appears to have overlooked the issue. Finally, after waiting for almost a week, we at Team VOGH decided to bring this in front of our readers. Let's briefly go through the vulnerable link:

Replace voiceofgreyhat.com with any site of your choice, and the said vulnerability will redirect you from Facebook to that very website. This loophole is still active, and anyone can test it with the above URL. We think the impact of this loophole is very serious, as a malicious attacker could misuse the trust placed in Facebook's URL in order to harm regular internet users by redirecting them to junk or malicious websites.

Disclaimer:- Earlier I said that the issue had already been brought to the notice of Facebook Security, but they overlooked the whole issue, so being a responsible cyber media outlet, we at VOGH are disclosing this to the public. If anyone misuses this vulnerability, Voiceofgreyhat will not be responsible in any way for any kind of mishap.

Update:- It may be a case of what we call late repentance, but finally the above disclosed vulnerability has been patched by the Facebook security team.

Earlier we have seen world-renowned media houses like CNN, NBC, Fox News, the Washington Post, the NY Times, NDTV and so on fall victim to hackers and cyber criminals. Now it was the turn of the world's largest and oldest broadcaster, the British Broadcasting Corporation, widely known to us as the BBC. Sources revealed that a cyber criminal managed to breach the BBC's security, secretly took over a computer server at the BBC, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. The attack was first identified by a cyber security firm named Hold Security LLC, in Milwaukee, which monitors underground cyber crime forums in search of stolen information. However, it is still not clear whether the hacker stole any information or data or caused any damage to the site. In conversation with the press, Alex Holden, founder and Chief Information Security Officer of Hold Security, said: "So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC." So far the identity of the hacker has not been confirmed, but the firm's researchers observed a notorious Russian hacker known by the monikers "HASH" and "Rev0lver" attempting to sell access to the BBC server on December 25. However, the BBC's security team managed to secure the site on Saturday, claims a person close to the clean-up efforts. A BBC spokesman refused to comment on the issue, saying, "We do not comment on security issues." On the other hand, Justin Clarke, a principal consultant for the cyber security firm Cylance, said that "accessing that server establishes a foothold within BBC's network which may allow an attacker to pivot and gain further access to internal BBC resources."
But we all know that FTP systems are typically used to manage the transfer of large data files over the Internet. That's why the chance of a data breach cannot be denied at this time. For updates on this piece of news and other hot information from the cyber and tech world, stay tuned with VOGH.

A couple of weeks ago, I talked about the vulnerability in the Cartoon Network official website; today I am going to speak about two more big fish with serious security holes in their official websites. Let's not waste time stretching the preface and come directly to the story: the hacker who recently made his name with some big hacks is back again.

Many of you are right, I am talking about 'Dr41DeY', because he is the one who found vulnerabilities in the official websites of the Skype Shop and National Geographic Channel Germany (Nat Geo). Both Nat Geo and Skype have a non-persistent cross-site scripting vulnerability, also known as an XSS vulnerability, in their websites. We have already reported this issue to the concerned authorities and webmasters to avoid misfortune. As expected, while this was being written, Skype took the issue seriously and fixed their loopholes immediately. Still, as proof, above I have shared the screenshots with our readers as evidence of the XSS hole. But unlike the Skype Shop, Nat Geo has not yet responded, so the vulnerability still exists on their portal. Hopefully they will take appropriate steps without further delay. For updates on this story and other hot cyber issues, just stay tuned with VOGH. Before concluding, I would like to remind you that in 2012 an Indian hacker named Akshay found XSS holes in the official website of National Geographic. Now, a year later, Dr41DeY has found another Nat Geo site vulnerable to XSS, which definitely raises a doubt about the security of one of the world's leading satellite television channels, featuring documentaries with factual content involving nature, science, culture, and history, plus some reality and pseudo-scientific entertainment programming.